Privacy Policy

    Your privacy is our priority. Learn how we protect and handle your personal information.

    Last updated: December 26, 2024

    Who We Are

    DBT-Mind is operated by DBT-Mind, based in Germany. We are committed to protecting your privacy and ensuring the security of your personal mental health information.

    Information We Collect

    Personal Information

    • Account information (email address, username)
    • Profile information you choose to provide
    • Communication preferences
    • Subscription and payment information (processed through app stores)

    Mental Health Data

    • Journal entries and mood tracking data (encrypted and stored securely)
    • Crisis chat conversations with our AI system
    • DBT skill usage and progress data
    • Custom skills and coping strategies you create
    • Progress reports and analytics
    • AI Crisis Coach interaction logs

    Mobile Device Information

    • Device identifiers (advertising ID, device ID)
    • Device model, operating system, and version
    • App version and build information
    • Mobile network information
    • Push notification tokens (when notifications are enabled)
    • App crash reports and performance data

    Usage and Analytics Data

    • App usage statistics and feature interaction data
    • Session duration and frequency
    • Navigation patterns within the app
    • Subscription management activities
    • Error logs and diagnostic information

    Location and Network Data

    • IP address and approximate geographic location (country/region)
    • Time zone information
    • Network connection type (WiFi, cellular)
    • We do not collect precise location data unless explicitly requested

    How We Protect Your Data

    Encryption

    All sensitive data is encrypted using industry-standard AES-256 encryption both in transit and at rest. Your journal entries and crisis chat conversations are end-to-end encrypted, meaning only you can access them.

    Data Storage

    Your data is stored on secure servers with multiple layers of protection. We use reputable cloud service providers that comply with international security standards.

    Access Controls

    Access to your personal data is strictly limited to authorized personnel who need it to provide our services. All access is logged and monitored.

    How We Use Your Information

    • Provide Services: To deliver the DBT-Mind app functionality and support
    • Improve Experience: To personalize and enhance your app experience
    • Safety: To provide crisis support and safety features
    • Communication: To send important updates about your account or the app
    • Research: To improve mental health support (only with anonymized data)
    • Legal Compliance: To comply with legal obligations and protect rights

    Third-Party Services and Data Sharing

    Service Providers We Use

    • Supabase: Secure database hosting and authentication services
    • RevenueCat: Subscription management and analytics
    • Google Analytics: App performance and usage analytics
    • OpenAI: AI Crisis Coach functionality (anonymized data only)
    • Apple/Google: App store services, payment processing, and notifications

    What Data We Share

    • Analytics Data: Anonymized usage statistics with Google Analytics
    • Subscription Data: Transaction information with RevenueCat and app stores
    • Technical Data: Error logs and performance data with service providers
    • AI Interactions: Anonymized conversation data with OpenAI for service improvement

    We Do NOT Share Your Data Except:

    • With Your Consent: When you explicitly choose to share progress reports with healthcare providers
    • Emergency Situations: If we believe disclosure is necessary to prevent serious harm
    • Legal Requirements: When required by law or legal process
    • Service Providers: With trusted partners who help us operate the app (under strict confidentiality agreements)
    • Never for Advertising: We do not sell your data to advertisers or marketing companies
    • Never Your Journal Data: Encrypted journal entries are never shared with third parties

    Your Rights and Choices

    General Data Rights

    • Access: Request a copy of your personal data
    • Correction: Update or correct your information
    • Deletion: Request deletion of your account and data
    • Portability: Export your data in a readable format
    • Opt-out: Unsubscribe from communications
    • Restrict Processing: Limit how we use your data

    Mobile App Specific Rights

    • Push Notifications: Control through device settings or app preferences
    • App Permissions: Manage device permissions through iOS/Android settings
    • Advertising ID: Reset or opt out through device privacy settings
    • Subscription Management: Cancel through app store settings
    • Analytics Opt-out: Contact us to opt out of usage analytics

    Account Deletion

    • Self-Service Deletion: Use our account deletion page at dbt-mind.com/delete-account
    • Email Request: Contact hello@dbt-mind.com for deletion assistance
    • Data Removal: All personal data deleted within 30 days of request
    • Encrypted Data: Journal entries permanently deleted from secure storage
    • Note: Deleting the app does not delete your account data

    Data Retention

    We retain your data only as long as necessary to provide our services or as required by law. You can request deletion of your account at any time, after which we will securely delete your data within 30 days, except where retention is required by law.

    Mobile App Store Privacy Compliance

    Apple App Store Privacy

    • We comply with Apple's App Tracking Transparency (ATT) framework
    • App privacy manifest available through App Store listing
    • No cross-app tracking without explicit user consent
    • Privacy nutrition labels accurately reflect our data practices

    Google Play Store Privacy

    • Data safety section accurately describes data collection and sharing
    • Compliance with Google Play Developer Program Policies
    • No sale of personal or sensitive user data
    • Prominent disclosure of data collection purposes

    Health Data Protection

    • Mental health data treated as sensitive information
    • Enhanced encryption for journal entries and crisis chat logs
    • No sharing of health data for advertising purposes
    • Compliance with applicable health data protection regulations

    AI and Automated Processing

    AI Crisis Coach Data Processing

    • Conversations with AI Crisis Coach are processed by OpenAI's systems
    • Personal identifiers are removed before sending data to OpenAI
    • AI interactions are logged for safety and service improvement
    • No permanent storage of conversation data by OpenAI

    Automated Decision-Making

    • We do not use automated decision-making for medical or treatment purposes
    • AI responses are suggestions only, not medical advice
    • You have the right to request human review of any AI interactions
    • No automated profiling for marketing or advertising purposes

    AI Data Rights

    • You can opt out of AI Crisis Coach features at any time
    • Request deletion of AI interaction logs through account deletion
    • Report concerning AI responses to hello@dbt-mind.com
    • Access to conversation history available through data export

    Children's Privacy

    DBT-Mind is not intended for children under 13. If you are between 13 and 17, you must have parental consent to use our app. We do not knowingly collect personal information from children under 13.

    International Data Transfers

    Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy and German and EU data protection laws.

    Changes to This Policy

    We may update this privacy policy from time to time. We will notify you of any material changes by email or through the app. Your continued use of DBT-Mind after changes take effect constitutes acceptance of the new policy.

    Legal Compliance and Regulatory Information

    GDPR Compliance

    • DBT-Mind operates under German and EU data protection law
    • Lawful basis for processing: Consent (Article 6(1)(a)) and Contract performance (Article 6(1)(b))
    • Special category data processed under Article 9(2)(a) with explicit consent
    • Data protection impact assessments conducted for high-risk processing

    Regional Compliance

    • Germany: Compliance with BDSG (Federal Data Protection Act)
    • EU: Full GDPR compliance for all European users
    • Global: Privacy by design principles applied worldwide
    • App Stores: Compliance with Apple and Google privacy requirements

    Data Processing Records

    • Detailed records of processing activities maintained per GDPR Article 30
    • Regular privacy audits and compliance reviews conducted
    • Data protection officer oversight of all processing activities
    • Privacy impact assessments for new features and integrations

    Contact Us

    If you have questions about this privacy policy or how we handle your data, please contact us:

    Email: hello@dbt-mind.com

    Data Protection Officer: hello@dbt-mind.com

    Data Controller: Timo Scholz-Fritsch

    Business Address:
    Danziger Weg 36
    58511 Lüdenscheid
    Germany

    Account Deletion: dbt-mind.com/delete-account